jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Deparvu (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (OAK-7937) Implement CugAccessControlManager.getEffectivePolicies(Set<Principal> principals)
Date Wed, 05 Dec 2018 17:06:00 GMT

     [ https://issues.apache.org/jira/browse/OAK-7937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Alex Deparvu reassigned OAK-7937:

    Assignee: Alex Deparvu

> Implement CugAccessControlManager.getEffectivePolicies(Set<Principal> principals)
> ---------------------------------------------------------------------------------
>                 Key: OAK-7937
>                 URL: https://issues.apache.org/jira/browse/OAK-7937
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>            Reporter: angela
>            Assignee: Alex Deparvu
>            Priority: Major
>             Fix For: 1.10
> today CugAccessControlManager.getEffectivePolicies(Set<Principal> principals) returns
an empty array and has a comment stating that this is not implemented.
> having thought this through again, i think there was some benefit in having the implementation.
as long as the given set of principal does NOT include everyone the return value should just
include the CUG-policies that explicitly list any of principals. IF _everyone_  was part of
the set, the return-value basically includes _all_ CUG-policies, because every CUG will deny
read-access for everyone except for the principals explicitly listed in the CUG-policy...
if we do the latter as lazy as possible it might still be doable even in a scenario, when
there are tons of CUG-policies specified.
> [~stillalex], wdyt? do you want to take care of this?

This message was sent by Atlassian JIRA

View raw message